Peer-Joachim Koch wrote:
#ssh only for some ip's
(ssh 22/tcp # SSH Remote Login Protocol)
# for all ip's
smtp 25/tcp mail # Simple Mail Transfer
http 80/tcp # World Wide Web HTTP
I'd probably close this, if your only use for http is webmail.
pop2 109/tcp # Post Office Protocol - Version 2
You definitely don't need this one :)
pop3 110/tcp # Post Office Protocol - Version 3
imap 143/tcp imap2 # Internet Message Access Protocol
imap3 220/tcp # Interactive Mail Access Protocol v3
And you won't need this one either.
https 443/tcp # http protocol over TLS/SSL
imap4-ssl 585/tcp # IMAP4+SSL (use 993 instead)
Well, it says that you don't need this port, as imaps now listens on port 993.
sshell 614/tcp # SSLshell
You're using SSLshell? Or which process is listening on this port?
imaps 993/tcp # imap4 protocol over TLS/SSL
pop3s 995/tcp spop3 # pop3 protocol over TLS/SSL
If you know in advance which clients are going to be used - or better, if you can decide which clients are to be used - I'd go for closing down all cleartext protocols on your server, so that only smtp, imaps, pop3s and https are open to the public. Alas, some mail readers are still broken and do not support imaps and/or pop3s, so you might have to leave pop3 and imap open as well.

Just my 2 cents,
Ralph
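An added example, not part of the original message: a small audit that checks the listeners reported by `ss -tlnH` against the port policy suggested in the reply above. The sample output, the function names and the `legacy_clients` switch are constructed for illustration.

```python
import ipaddress

# Policy from the reply: ports meant to stay open to the public.
PUBLIC_OK = {25: "smtp", 443: "https", 993: "imaps", 995: "pop3s"}
# Cleartext services the reply suggests closing where possible.
CLEARTEXT = {80: "http", 110: "pop3", 143: "imap"}
# Cleartext ports that may have to stay open for mail readers without TLS support.
LEGACY_MAIL = {110, 143}
# Open only for selected source addresses, per the original listing.
RESTRICTED = {22: "ssh"}

# Constructed sample of `ss -tlnH` output (listening TCP sockets, no header).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 100 0.0.0.0:25 0.0.0.0:*
LISTEN 0 100 0.0.0.0:109 0.0.0.0:*
LISTEN 0 100 0.0.0.0:110 0.0.0.0:*
LISTEN 0 100 127.0.0.1:143 0.0.0.0:*
LISTEN 0 128 [::]:443 [::]:*
LISTEN 0 100 *:993 *:*
LISTEN 0 100 [::1]:614 [::]:*
"""

def split_local(field):
    """Split the 'Local Address:Port' column into (host, port)."""
    host, _, port = field.rpartition(":")
    return host.strip("[]"), int(port)

def is_loopback(host):
    """True if the socket is bound to loopback only (not reachable remotely)."""
    return host != "*" and ipaddress.ip_address(host.split("%")[0]).is_loopback

def audit(ss_output, legacy_clients=False):
    """Return sorted (port, verdict) pairs for every non-loopback listener."""
    findings = {}
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        host, port = split_local(cols[3])
        if is_loopback(host):
            continue
        if port in PUBLIC_OK:
            findings[port] = "ok: " + PUBLIC_OK[port]
        elif port in RESTRICTED:
            findings[port] = "check source filter: " + RESTRICTED[port]
        elif port in LEGACY_MAIL and legacy_clients:
            findings[port] = "kept for legacy clients: " + CLEARTEXT[port]
        elif port in CLEARTEXT:
            findings[port] = "cleartext, consider closing: " + CLEARTEXT[port]
        else:
            findings[port] = "unexpected listener: identify the process"
    return sorted(findings.items())
```

On a live host, feed it the real output of `ss -tlnH`; adding `-p` as root appends the owning process as an extra column, which answers the "which process is listening on this port?" question for any unexpected listener.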